Forum for Science, Industry and Business

Sponsored by:     3M 
Search our Site:

 

Injecting Malicious Code Into HTML5-Based Apps

10.04.2014

Scanning 2D barcodes, finding free Wi-Fi access points, sending SMS messages, listening to music, and watching MP4 videos: these are very common activities that we do using our smartphones.

Can you imagine that simply doing these things can get your smarphones infected with "worms" that can not only steal personal information from your phone, but also infect your friends's phones.

Sound scary? It will not be long before worms like this spread among smartphones. What makes the attacks feasible is an emerging technology called HTML5-based app development, and it has been rapidly gaining popularity in the mobile industry.

When the adoption of this technology reaches certain threshold, attacks like this will become quite common, unless we do something to stop it. A recent Gartner report says that by 2016, fifty percent of the mobile apps will be using HTML5-based technologies.

What platforms are affected?

All major mobile systems will be affected, including Android, iOS, Blackberry, Windows Phone, etc., because they all support HTML5-based mobile apps.

A notorious problem of the HTML5-based technology is that malicious code can be easily injected into the program and get executed. That is why the Cross-Site Scripting (XSS) attack is still one of the most common attacks in the Web.

XSS attacks can only target at web applications through a single channel (i.e. the Internet), but with the adoption of the same technology in mobile devices, we have found out that a similar type of attack can not only be launched against mobile apps, it can attack from many channels, including 2D barcode, Wi-Fi scanning, Bluetooth pairing, MP3 songs, MP4 videos, SMS messages, NFC tags, Contact list, etc. As long as an HTML5-based app displays information obtained from outside or from anohter app, it may be a potential victim.

Chris Hittinger | EurekAlert!
Further information:
http://www.cis.syr.edu/~wedu/attack/

More articles from Information Technology:

nachricht Goodbye ground control: autonomous nanosatellites
10.02.2016 | Julius-Maximilians-Universität Würzburg

nachricht Drones Learn To Search Forest Trails for Lost People
10.02.2016 | Universität Zürich

All articles from Information Technology >>>

The most recent press releases about innovation >>>

Die letzten 5 Focus-News des innovations-reports im Überblick:

Im Focus: Goodbye ground control: autonomous nanosatellites

The University of Würzburg has two new space projects in the pipeline which are concerned with the observation of planets and autonomous fault correction aboard satellites. The German Federal Ministry of Economic Affairs and Energy funds the projects with around 1.6 million euros.

Detecting tornadoes that sweep across Mars. Discovering meteors that fall to Earth. Investigating strange lightning that flashes from Earth's atmosphere into...

Im Focus: Flow phenomena on solid surfaces: Physicists highlight key role played by boundary layer velocity

Physicists from Saarland University and the ESPCI in Paris have shown how liquids on solid surfaces can be made to slide over the surface a bit like a bobsleigh on ice. The key is to apply a coating at the boundary between the liquid and the surface that induces the liquid to slip. This results in an increase in the average flow velocity of the liquid and its throughput. This was demonstrated by studying the behaviour of droplets on surfaces with different coatings as they evolved into the equilibrium state. The results could prove useful in optimizing industrial processes, such as the extrusion of plastics.

The study has been published in the respected academic journal PNAS (Proceedings of the National Academy of Sciences of the United States of America).

Im Focus: New study: How stable is the West Antarctic Ice Sheet?

Exceeding critical temperature limits in the Southern Ocean may cause the collapse of ice sheets and a sharp rise in sea levels

A future warming of the Southern Ocean caused by rising greenhouse gas concentrations in the atmosphere may severely disrupt the stability of the West...

Im Focus: Superconductivity: footballs with no resistance

Indications of light-induced lossless electricity transmission in fullerenes contribute to the search for superconducting materials for practical applications.

Superconductors have long been confined to niche applications, due to the fact that the highest temperature at which even the best of these materials becomes...

Im Focus: Wbp2 is a novel deafness gene

Researchers at King’s College London and the Wellcome Trust Sanger Institute in the United Kingdom have for the first time demonstrated a direct link between the Wbp2 gene and progressive hearing loss. The scientists report that the loss of Wbp2 expression leads to progressive high-frequency hearing loss in mouse as well as in two clinical cases of children with deafness with no other obvious features. The results are published in EMBO Molecular Medicine.

The scientists have shown that hearing impairment is linked to hormonal signalling rather than to hair cell degeneration. Wbp2 is known as a transcriptional...

All Focus news of the innovation-report >>>

Anzeige

Anzeige

Event News

Travel grants available: Meet the world’s most proficient mathematicians and computer scientists

09.02.2016 | Event News

AKL’16: Experience Laser Technology Live in Europe´s Largest Laser Application Center!

02.02.2016 | Event News

From intelligent knee braces to anti-theft backpacks

26.01.2016 | Event News

 
Latest News

Chemical cages: New technique advances synthetic biology

10.02.2016 | Life Sciences

Engineering researchers use laser to 'weld' neurons

10.02.2016 | Power and Electrical Engineering

Drones Learn To Search Forest Trails for Lost People

10.02.2016 | Information Technology

VideoLinks
B2B-VideoLinks
More VideoLinks >>>